LinkedIn Phishing Ramps Up With More-Targeted Attacks

Seeking to take advantage of out-of-work users, malware groups continue to use LinkedIn and business services to offer fictional jobs and deliver infections instead.

Phishing attacks are targeting out-of-work users on LinkedIn, creating lures using job titles scraped from the targeted workers' profiles in an attempt to convince them to open and execute different malicious files or links, according to a new analysis from cybersecurity firm eSentire.


The attack involves a tool known as "more_eggs" — a fileless backdoor program that consists of a script that runs in memory and calls various system functions to compromise the target's computer. The latest variant of the scheme uses a malicious ZIP archive labeled with the target's title from LinkedIn and then uses a LNK file to execute.
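As an added illustration (not part of the original article or of eSentire's analysis), a mail or download gateway could flag the delivery format described above, a ZIP archive carrying a Windows LNK shortcut, with a check like the following Python code. The function names and the sample archive are constructed for this example.

```python
import io
import zipfile

# Shell Link header per MS-SHLLINK: HeaderSize 0x0000004C, then the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")


def find_lnk_entries(zip_bytes):
    """Return (member name, reason) for each Windows shortcut in the archive."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            head = b""
            if not info.flag_bits & 0x1:  # encrypted members cannot be read; use the name only
                with zf.open(info) as fh:
                    head = fh.read(len(LNK_MAGIC))
            if head == LNK_MAGIC:
                hits.append((info.filename, "header"))
            elif info.filename.lower().endswith(".lnk"):
                hits.append((info.filename, "extension"))
    return hits


def build_sample(members):
    """Build an in-memory ZIP from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: archive member named after a job title, as the lure is described.
    sample = build_sample({
        "Senior Account Executive position.lnk": LNK_MAGIC + b"\x00" * 60,
        "benefits.txt": b"plain text",
    })
    for name, reason in find_lnk_entries(sample):
        print(f"shortcut in archive: {name!r} (matched by {reason})")
```

Matching on the header bytes as well as the extension means a shortcut is still reported when the member name does not end in .lnk.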


The attack shows the degree to which attackers — in this case, a group dubbed "Golden Chickens" — are improving personalization and targeting to increase the likelihood of their success, says Rob McLeod, senior director of the Threat Response Unit (TRU) for eSentire.


"The personalization and the effort that this group has gone to in order to make a convincing lure is significant," he says. "A lot of the tradecraft is not new, and we have seen this tradecraft used by other groups before, but at this point, it shows the extent that threat actors are willing to go to create a believable lure."


The attack targeted a professional in the healthcare technology industry, according to eSentire's analysis.


The attack is not new, with security firm Proofpoint describing similar attacks in 2019 using an older version of the "more_eggs" backdoor. The attack ..
